as spam and possibly take a
sample.
http://www.armresearch.com/support/articles/software/snfServer/core.jsp
Hope this helps,
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909 x7010
twitter/codedweller
---
This E-mail
Declude\SNF\SNFClient.exe"
10 0
Woops!! That's backward.
It SHOULD be:
SNIFFER-CAUTION external 040 etc...
SNIFFER-TRUNCATE external 020 etc...
Best,
_M
--
Pete McNeil, President
?
Yes.
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909 x7010
twitter/codedweller
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubs
didn't match any patterns I know, but
I'll bet that it's just a bot I haven't seen before that's been lit up
to send a new spam campaign.
That reasoning is usually correct, but it's not as solid as the other
result codes because it's guessing
Hope this helps,
_M
--
Pete McNeil, President
MicroNeil
because it will know about
IPs that you may not have seen yet at your system.
Best,
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909 x7010
twitter/codedweller
---
This E-mail came from the Declude.JunkMail mailing list
anything about that? If Declude just evaporates without
saying another word that would be a good thing to have.
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909 x7010
twitter/codedweller
---
This E-mail came from the Declude.JunkMail mailing list
was
We're digging into this one a bit right now -- Could you zip up a
bunch of samples and send them to me please? We have several
structural and content vectors to explore and I'm looking for
exploitable commonalities.
Thanks,
_M
--
Pete McNeil
getting here - I'll
keep an eye out.
Thanks,
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com
. At
least 3 new structural abstracts are in play also.
If you're not already using the truncate BL that might also help add
some weight (I see you're using a lot of tests):
http://gbudb.com/truncate/index.jsp
Thanks,
_M
--
Pete McNeil, President
MicroNeil
, or Declude.
On the surface I would suggest that RAM is your big problem. If you have
2G and you're using 5-10G then you are spending a lot of time swapping
through IO. RAM is pretty cheap these days, so I would probably boost
that first (not knowing more about it).
_M
--
Pete McNeil, President
it other than expense and the relatively small size of SSDs -- even
that shouldn't be a problem these days if you watch it closely. My
experiment was many years ago.
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
---
This E-mail came from
://www.armresearch.com/support/articles/software/snfServer/logFiles/
http://www.armresearch.com/support/articles/software/snfServer/config/node/logs/scan/xml.jsp
Hope this helps,
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail
).
You only need a larger number of threads when sending mail out
because each thread may need to wait a significant amount of time
for the outbound process to start and finish.
Hope this helps,
_M
--
Pete McNeil, President
MicroNeil Research Corporation
he mystery heap.
This search might help you find what you're looking for in previous
discussions.
Hope this helps,
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
---
This E-mail came from the Declud
rchive.com/search?q=0xC142l=declude.junkmail%40declude.com
There is also a link buried in the KB article that leads here:
http://www.declude.com/Articles.asp?ID=130
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.
.
http://www.gbudb.com/truncate/index.jsp
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail...@declude.com, and
type unsubscribe
is tmpfs with a ton of extra RAM.
Analogous to a RAM drive on Win* I suppose -but tmpfs will automatically
extend itself to physical drives if the size explodes so that's
something to watch for.
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
On 2/11/2011 2:49 PM, IMail Admin wrote:
But keeping the spam down is a bigger issue right now.
You might try adding truncate to your RBLs.
http://www.gbudb.com/truncate/index.jsp
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
batch we see.
Best,
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
---[This E-mail was scanned by Declude]
---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to imail
address. Please also let us know if we can
improve our documentation.
Thanks!
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
---[This E-mail was scanned by Declude]
---This E-mail came from the Declude.JunkMail
/node/gbudb/training/source-header.jsp
If you configure this training mechanism for GBUdb in your Message
Sniffer engine then GBUdb will become much more accurate for messages
coming through that source.
Best,
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
the black
range and be scored accordingly. Other IPs sending messages through that
system will be scored on their own merits.
_M
--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909
x7010
---
[This E-mail was scanned by Declude]
---
This E-mail came from
On 8/1/2010 1:36 PM, Imail Admin wrote:
Hi Pete,
By SNF I assume you mean Sniffer? How do I tell for sure which
version is running and whether it is getting the latest downloads? I
know it's running at least partially because the report lists it. I
checked the cfg file and it says
On 8/1/2010 3:03 PM, Imail Admin wrote:
Hi Pete,
OK, I did the upgrade. One thing that was slightly different from the
instructions was that even though I directed it to install into the
same folder as the prior Sniffer installation (d:\imail\sniffer), it
only offered me a choice of a new
On 7/28/2010 2:29 PM, Imail Admin wrote:
lately (last couple of
weeks) I've noticed more spam getting through. A lot more.
Check your SNF installation. I looked up your license ID and checked for
your telemetry and did not find it.
This usually means that SNF is not currently running on
On 7/27/2010 2:10 PM, Colbeck, Andrew wrote:
Flavour of the day:
Relevant bits of the header:
Received: from payoff.all-debt-forever.com [173.192.161.27]
Subject: Stay on top of your credit report
Thanks -- coded some rules, will be looking for abstract opportunities.
Also coded several
On 7/23/2010 2:29 PM, Matt wrote:
This spammer accounts for about 7% of all E-mail that makes it to my
deep scanning layer. Sniffer seems to miss a good deal of their spam,
so there isn't much protection from it otherwise.
Matt -- Is it possible for you to zip up some samples from this guy
On 7/23/2010 6:37 PM, Matt wrote:
Pete,
Will do. I call this spammer Whitestone,
Much appreciated. I'll take a closer look with the team to see what we
can do to close these guys down better.
Thanks!
_M
--
President
MicroNeil Research Corporation
www.microneil.com
---
[This E-mail
On 7/23/2010 9:19 PM, Matt wrote:
I guess my point here is that they are both very high volume spammers,
and they both randomize sufficiently so that blocking them requires
blocking their domains and having the samples available, but putting
in proactive rules will only last a short time.
On 5/5/2010 1:30 PM, Andy Schmidt wrote:
Hi Dave,
Hm
yes,I think if you
added 21 lines (from -10 to 0 and to +10) to the config file, you would
have could
cover the reputation range from -1 to +1 in 0.1 step increments.
Not
elegant but would
have the same effect as
Title: Release 4.10.42
On 5/5/2010 3:24 PM, Andy Schmidt wrote:
Hi
Dave
(just in case this got overlooked or I missed the
answer),
Also even though
there are multiple entries the test only runs once and the resulted
exit code
is the triggered.
I
know that all 18
Title: Release 4.10.42
On 5/5/2010 4:05 PM, Andy Schmidt wrote:
snip/
The
golden rule for external tests and for RBLs is if
you have multiple lines using the SAME command
(e.g., the 18 SNF lines), or referring to the same external
program (e.g., 5 invURIBL lines), or
On 4/30/2010 9:32 PM, Andy Schmidt wrote:
snip/
But your documentation of the reputation system has a graph that shows that
there is yet another category: WHITE.
I don't know the details of Declude's impelementation. Presumably they
could (or maybe even do) implement WHITE.
The
On 5/1/2010 1:51 PM, Andy Schmidt wrote:
snip/
Right - that's the same scheme I just pointed
out to Dave
myself - except in my case you could pick a distinct factor for the
"-" vs. the "+" side of the scale (because Declude already
has that option anyhow)
I was
On 4/29/2010 10:06 PM, Andy Schmidt wrote:
Thanks
I activated it in my gateway and will report back after a day or so.
Question:
a)
Does
it have TXT records that holds additional info that can be returned
in the 5.7.1 message to the sender?
Right now all
I wasn't aware 127.0.0.1 would cause trouble (does it?)
It's easy enough to change, but everyone will need to know about the
change and will need to change their setup.
Please point me to "the standard" so I can understand where the problem
is.
Thanks!
_M
On 4/30/2010 1:17 PM, Andy Schmidt
On 4/30/2010 1:17 PM, Andy Schmidt wrote:
It
is and I agree with you!
From:
supp...@declude.com
[mailto:supp...@declude.com] On Behalf Of Matt
Sent: Friday, April 30, 2010 12:53 PM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] We have opened
Hello Declude Folks,
RFC 5782 states:
IPv4-based DNSxLs MUST NOT contain an entry for 127.0.0.1.
and also states:
The A record contents conventionally have the value 127.0.0.2
So we will be changing the result code for truncate.gbudb.net to
127.0.0.2 effective immediately.
Thanks!
_M
On 4/30/2010 5:16 PM, Andy Schmidt wrote:
Hi Pete,
I'm look over Decludes recommended Sniffer configuration and trying to
understand how much overlap there is between these options:
IPREPUTATIONSNFIPREPx 0 10 -5
SNFIPCAUTIONSNFIP x
Hi Declude folks,
We have been testing a blacklist based on real-time GBUdb data
(generated from Message Sniffer).
We have decided to experiment with opening up the blacklist for a wider
audience and so as of now you can use truncate.gbudb.net as an ip4r test.
You should get a result of
On 4/29/2010 5:50 PM, Nick Hayer wrote:
Hi
Pete,
Question - is this blacklist info already contained withing any Sniffer
test? I am wondering about double dipping so to speak - if the info is
within Sniffer which rulebase?
That's not an easy question --
If you are using SNF then your
Bonno Bloksma wrote:
Hi,
With the amount of spam I have to throw away each day no reaching
consistant levels of over 90%... I can of course get an even faster
mailserver but I think I would be better of with an extra smtp server
in front of my mailserver which filters the most blatant spam
let us know that too.
We have a limited number of slots open for testing.
We look forward to hearing from you.
Best,
_M
Pete McNeil (Madscientist)
Chief Scientist ARM Research Labs
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to imail
Robert Grosshandler wrote:
Sounds like a spam headline, doesn't it?
Anyway, we're getting obvious spam, but we're not able to weight it
enough to block it. Any tests you might suggest. The following came
to us BCC'd, I believe. Nothing about it was appropriate for us.
snip/
Katie LaSalle-Lowery wrote:
I have a situation I haven't seen before.
Declude logs show that the message failed Sniffer, which caused the
message to exceed our weight threshold and be deleted.
Sniffer logs show that the message did not fail Sniffer.
Actually that is not correct. The
It's a tiny thing - but it might matter:
When I dig for your spf record
dig @ns1.cefib.com cefib.com -t txt
I get:
;; ANSWER SECTION:
cefib.com. 3540IN TXT v=spf1 mx ip4:217.64.107.106
-all
On the surface it looks correct, but the -all should be ~all
That is - it
Ooops.
I take that last post back I found something else looking more
closely:
;; ANSWER SECTION:
cefib.com. 3540IN TXT v=spf1 mx ip4:217.64.107.106
-all
The mx should not be naked.
Presumably what you wanted was this:
v=spf1 mx:cefib.com ip4:217.64.107.106 ~all
We've done this in the past also -- it made quite a difference,
especially on underpowered hardware.
_M
On Thursday, July 10, 2008, 5:18:30 PM, Fox,Thomas wrote:
FT We do, it works really well. Quite Speedy!!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
On Wednesday, April 9, 2008, 10:01:56 AM, Craig wrote:
Hi Darin,
I guess what I am looking for from Declude (or a third party) is to provide me a filter that will phrase filter the incoming form mail and determine if its a spammy one or not.
We may be able to help you.
Please
All of that is good advice -- but one extra thing drew my attention -- IMAP running 99% CPU -- in my mind that points to possible file system issues - What shape your file system is in: Is it badly fragmented? Are any of your drives performing badly? Also - has someone suddenly changed what
On Friday, February 29, 2008, 8:14:41 AM, David wrote:
snip/
4) Review information on the Sniffer list about updating to the new
service model.
DD I should be on the latest version of Sniffer ... just renewed my
DD contract ... haven't made any changes to the configuration in months.
On Friday, February 29, 2008, 11:26:58 PM, David wrote:
snip/
Short of installing a new network card / drive ... any other thoughts what to try
It's a long shot - but if it were my server I would try it:
Shut down IMAP.
Temporarily shut down SMTP so that new mail doesn't go in
On Wednesday, February 6, 2008, 2:09:23 PM, Herb wrote:
Hi Randy;
We have seen that often, in fact what we do is swap that test in on nights and weekends and out during weekdays (by just renaming the declude conf files with a schedule). It is a nice tool but will bog things down.
Spam has significantly increased in the past 7 days due to new bot
nets (from old friends) and a number of new tactics for generating pdf
and related spam and their mutations.
I've attached a new-spam/leakage analysis from our primary spamtraps-
you can see that new traffic quite literally more
We are processing the FPs on this right now. The rule has been in
place for 866 days without prior FP reports. It's going away now.
Thanks,
_M
On Wednesday, July 18, 2007, 9:15:13 PM, Darin wrote:
DC We had one that was definitely an FP last week. Submitted and received a
DC response that the
Use caution. The first part of the PDF file is common to many PDF files and coding for that will lead to false positives.
The PDFs we're seeing are essentially boiler plate up to the first 12 lines (or so) of base64 encoded data, then there are some variable segments where the image display
On Monday, February 19, 2007, 1:39:39 PM, Darrell ([EMAIL PROTECTED]) wrote:
If I might add to this...
Declude is topping SNF instances before they have time to work -- This causes job files (.XXX and so forth) to build up and cause other SNF instances to relax their timing - in theory to
On Thursday, November 30, 2006, 10:25:25 PM, David wrote:
DD I'm doing my 30 day trial of Message Sniffer .. at the moment it is 5
DD points out of 10 needed to mark something as spam.
DD How accurate is Sniffer?Something that I can raise my weight on?
These days many folks are setting SNF
If this year goes like last year then much worse is yet to come. See
the bottom of this chart:
http://reports.messagesniffer.com/Performance/FlowRatesByDay.jsp
_M
On Wednesday, August 30, 2006, 9:24:34 PM, gbirdsall wrote:
gsc I've seen a 100-130% increase since Sunday. An average day used to
Polo
On Friday, August 11, 2006, 11:30:36 AM, David wrote:
DB Ping
DB ---
DB This E-mail came from the Declude.JunkMail mailing list. To
DB unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
DB type unsubscribe Declude.JunkMail. The archives can be found
DB at
Chuck, I stepped away for a while (started work today at midnight).
I've found your FPs and I will address them immediately.
I note you did not leave a message on the support line (that I can
see).
I'll take the rest of this off list.
Thanks,
_M
On Wednesday, May 24, 2006, 2:12:39 PM, Chuck
On Friday, May 19, 2006, 1:33:06 PM, Kevin wrote:
KB Has anyone else seen an increase of spam since Blue Security wet offline??
KB We have seen an increase and we did not even use the software/service.
We've noted a few bursts today but nothing completely out of the
ordinary.
_M
---
This
One thing that we noticed a few hours ago was a new image spam that
has quite a bit of bandwidth behind it and all new zombies - perhaps
that's a piece of it.
_M
On Friday, May 19, 2006, 3:30:33 PM, Rick wrote:
RB Same here
RB Rick
RB -Original Message-
RB From: [EMAIL PROTECTED]
RB
I added an abstract for this text pattern to Message Sniffer today. We
regularly create similar rules for other variations - these patterns
are independent from the URI.
_M
On Tuesday, April 25, 2006, 11:59:20 AM, Scott wrote:
SF
SF
SF I might suggest something to target the links of the
On Wednesday, January 18, 2006, 9:28:16 AM, Dean wrote:
DL Markus,
DL
DL You still point to the executable in your global config file,
DL but since sniffer is running in persistant mode, it doesn't
DL automatically launch a new instance.
That's almost correct... What happens is that the new
On Sunday, October 2, 2005, 1:23:21 PM, Serge wrote:
S Hi all,
S
S I have been using sniffer for a year and recently add INVURIBL.
S i am trying to find the corrolation between the 2 test to set the weight.
S I tag at 10 and delete at 30..
S I had sniffer at 14.
S now i added invuribl with a
On Sunday, September 11, 2005, 11:46:12 PM, Kim wrote:
KP Over the weekend, a lot of spam has been getting through.
KP Checking the Declude JunkMail log file shows the following:
KP09/10/2005 00:01:41.906 q84a2205001d48c60 ERROR: External
KP program SNIFFER didn't finish quick enough;
Sorry to but in - can't resist... ;-)
The test will run only once, but it will be evaluated for each
possible result (Declude is smart that way). You might even have more
than one test use SNF and add weight.. for example, SNIFFER ...
nonzero and SNFSPECIFIC ... result.
Many folks and the AI
On Thursday, April 14, 2005, 8:50:12 AM, Joey wrote:
JP Can someone please explain to me why, if an email is flagged as spam by
JP Sniffer, I shouldn't just delete it outright? Are there instances where
JP Sniffer is wrong? Or is this the way you all use it already?
JP Reason I ask is that I
, passes everything correctly (including the
environment), and calls declude for each pass.
I'm sure I'll be corrected if I'm wrong.
Why do you want to do this?
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster - www.sortmonster.com
---
This E-mail came
On Wednesday, March 30, 2005, 10:35:52 PM, Darin wrote:
DC Pete,
DC
DC Have you make significant changes to the sniffer rulebase in the past
couple of days?
DC
DC I'm seeing a _huge_ reduction in hold queue messages...
DC roughly down 65%... while total message volume is steady. Only
DC
On Thursday, March 31, 2005, 9:50:05 AM, Darin wrote:
DC That is very significant, and could explain what I'm seeing. I'm going to
DC increase my delete weight a bit for a while to make sure there are no high
DC FPs.
DC I do see the following detection rates from yesterday (3/30)
DC AHBL
On Monday, March 21, 2005, 11:00:49 AM, Chase wrote:
snip/
CS Looking at our test list (posted bellow), we likely have WAY too
CS many dns blacklists. That will be the first thing I look at. Any
CS other suggestions?
I have had luck running a DNS server (resolver - bind) locally on the
IMail
On Monday, March 21, 2005, 11:00:49 AM, Chase wrote:
CS I need some help tuning Declude for performance. Up until
One other thought (pushed send too fast).
You may have a test or two in there that is not responding --- causing
things to time out and slow things down. If you can find it and drop
On Monday, March 21, 2005, 11:29:09 AM, Chase wrote:
CS I don' have UCEPROTECRDO, XBL-DYNA, BLKLST-SURBL
CS and HELOISIP. Can you post your definitions for those? Can I get
CS them off the declude website somehow (I couldn't find them)?
UCEPROTECRDOip4rdnsbl-1.uceprotect.net
On Tuesday, March 15, 2005, 3:33:36 PM, Darin wrote:
DC I'll gladly try it and pass whatever data back for study.
Thanks. I will contact you later off list.
Best,
_M
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the
On Monday, March 14, 2005, 4:40:26 PM, Darin wrote:
DC Yep...It does seem to be getting worse. Sniffer is catching a lot, but a
DC lot is still slipping through, due mostly to constantly changing domain
DC names of various ages.
DC We're just supplementing Sniffer and blacklists with internal
On Monday, March 14, 2005, 5:59:15 PM, Markus wrote:
MG 2.) Log file processing with MDLP (Modular Declude Logfile
MG Processor) written by Pete McNeil This tool does extremely fast
MG parsing of declude jm logfiles. Pete's primary intention was to
MG write a tool that's able to analyze results
On Tuesday, March 1, 2005, 5:38:54 PM, Darrell wrote:
Dsic I though Pete had some locking mechanism built in to prevent overlapping.
Dsic Pete?
Yes. This is it. (quite a lot of locking actually)
This is a pet peeve of mine so I'm going to go just slightly off topic
- it might help someone
On Tuesday, March 1, 2005, 5:48:17 PM, Andrew wrote:
CA (Pete isn't here much)
:-(
I do usually lurk though...
I'll try to post more often...
;-)
_M
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing
On Tuesday, March 1, 2005, 7:14:31 PM, Darin wrote:
DC I disagree with the struggling server logic. We saw the log corruption in a
DC test environment a year ago that had minimal traffic, say a couple thousand
DC messages a day. It was a dual 1.4GHz processor with 1 GB RAM and 10k RPM
DC SCSI
On Friday, February 25, 2005, 5:50:45 PM, Glenn wrote:
GW I've seen several kinds of spam increase in the last day.
We're seeing a new porn campaign, a new kiddie porn campaign, a
ramp-up of the current M$ software rip-off (media-theft) spam. We've
seen a bit of a pick-up in the casino stuff
On Friday, February 25, 2005, 6:11:58 PM, David wrote:
DB Which can under certain circumstances be correct. If you had
DB signed up with the website then declude is correct in identifying
DB them as legitimate email. It is possible we could set up some
DB additional filters to help with a
Just adding to the end of the thread here...
The demo of SNF is meant more to help you get things working on your
system than to prove it can capture spam. The demo rulebase is behind
the registered version quite a bit -- Folks have already told you that
though :-)
For a look at BLs to try and
On Wednesday, February 23, 2005, 3:06:03 PM, Scott wrote:
SF -Mad,
SF Will there be an MDLP page explaining some of the columns?
SF SQ= Spam Test Quality?
SF SI = Spam Test Result Important Count?
SF avgSD = Average Spam Test Dominance?
Yes. Once I get a few minutes to rub together I'll make
On Wednesday, February 9, 2005, 5:55:48 AM, Markus wrote:
MG Hi Scott,
MG
MG great stat's !
MG
MG A question about SNIFFER
MG It seems you have a much longer list of different SNIFFER return codes
then I
MG Is there somewhere a complete list?
MG
MG Markus
Is this what you are looking
On Friday, February 11, 2005, 8:51:46 AM, Darin wrote:
DC Most of what slips through our filters is exactly this. Unfortunately I
DC know of no way to block this short of reacting to the first one seen and
DC adding a body filter for the URL...the same thing Message Sniffer or any
DC SURBL list
On Friday, February 11, 2005, 9:28:28 AM, Darin wrote:
DC Hi Pete,
DC Right... but the first few typically slip through before they're added to
DC your filters (like they would for anyone)...so we add them on the first
DC report to us as well.
I'll raise the feature request again --- as soon as
On Monday, February 7, 2005, 7:14:03 PM, Andy wrote:
AS Interesting sounds like someone would have to write an
AS External Filter. Unless Declude is willing to integrate this
AS in their Sniffer support.
AS
AS When you turn this one - where do this XHDR files appear?
AS In the regular
On Friday, February 4, 2005, 7:06:04 PM, Matt wrote:
M John Tolmachoff (Lists) wrote:
Yeah, but a little birdie told me that the president can get a little hot
some times.
M Where's that birdie located? I'll shoot it if it has been saying bad
M things about me :)
You have to keep the
There are a bunch in this list I think...
http://www.sortmonster.com/MessageSniffer/Referrals.html
_M
On Friday, February 4, 2005, 6:27:07 PM, Danny wrote:
D Looking for a email provider that includes email services,
D spam, virus detection, all in one package that has an excellent up
D time,
On Friday, January 28, 2005, 7:32:39 AM, Kim wrote:
KP It's 4:30A PST, and I cannot access the 'dnsstuff.com' web
KP site. Is anyone else having the same problem?
Works fine from here.
_M
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail
Hello declude,
ping
Thanks,
_M
Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list
On Monday, January 10, 2005, 12:10:32 PM, Markus wrote:
MG Anyone else can see an abnormal high smtp traffic this minutes?
MG I haven't identified completely but something strnage is going one here. Lot
MG of NDR's
We have been seeing what I would classify as a severe spam storm today
starting
On Monday, January 3, 2005, 11:30:22 AM, Marc wrote:
MC I don't mean to be a nag but this was just posted to the
MC sniffer forum and is exactly what I was talking about. It is
MC almost 48 hours after the first post discussing this bug and
MC there is still no e-mail from Declude that I am
Since URI are a subset of the SNF rulebase it's not unlikely that there
would be quite a bit of overlap. The key differences would be that SNF
does not use any network resources to look up the URI and SNF does not
waste any time examining URI that are not known to be seen in spam --
One of the
On Tuesday, December 28, 2004, 11:06:59 AM, Andy wrote:
AS Hi Pete,
AS Is Sniffer performing URI checks as part of certain return codes only -
AS e.g., if I were to use SURBL to augment Sniffer, are there certain Sniffer
AS Return Codes that are likely to overlap with SURBL lookups - or have all
On Tuesday, December 28, 2004, 11:06:59 AM, Andy wrote:
AS Hi Pete,
AS Is Sniffer performing URI checks as part of certain return codes only -
Sorry to respond twice but I want to clear up some potential confusion
- SNF includes URI as part of it's pattern matrix. It does not do any
specific
On Thursday, December 23, 2004, 7:36:15 PM, Bennie wrote:
B OK... I have downloaded the trail of sniffer and installed per the
B instructions... added the lines to my Declude.cfg and $default$.junkmail.
B Now I am getting no warnings in the headers... how can I look to see if the
B test is
1 - 100 of 231 matches
Mail list logo
